CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32189 – WordPress BWD Elementor Addons plugin <= 4.3.20 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32189
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer BWD Elementor Addons allows DOM-Based XSS. This issue affects BWD Elementor Addons: from n/a through 4.3.20. The BWD Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above... • https://patchstack.com/database/wordpress/plugin/bwd-elementor-addons/vulnerability/wordpress-bwd-elementor-addons-plugin-4-3-20-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32260 – DethemeKit For Elementor <= 2.1.10 - Missing Authorization
https://notcve.org/view.php?id=CVE-2025-32260
04 Apr 2025 — The DethemeKit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31857 – WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31857
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6. The Directorist AddonsKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri... • https://patchstack.com/database/wordpress/plugin/addonskit-for-elementor/vulnerability/wordpress-directorist-addonskit-for-elementor-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30766 – WordPress Happy Addons for Elementor <= 3.16.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-30766
27 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2. The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.16.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc... • https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-3-16-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30800 – WordPress Gum Elementor Addon plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30800
27 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.10. The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbit... • https://patchstack.com/database/wordpress/plugin/gum-elementor-addon/vulnerability/wordpress-gum-elementor-addon-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30812 – WordPress SKT Addons for Elementor plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30812
27 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 3.5. The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ... • https://patchstack.com/database/wordpress/plugin/skt-addons-for-elementor/vulnerability/wordpress-skt-addons-for-elementor-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. The RomethemeKit For Elementor plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins on ... • https://packetstorm.news/files/id/190274 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30562 – Navigation Tree Elementor <= 1.0.1 - Authenticated (Subscriber+) SQL Injection
https://notcve.org/view.php?id=CVE-2025-30562
25 Mar 2025 — The Navigation Tree Elementor plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54444 – WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54444
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10. The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.25.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and... • https://patchstack.com/database/wordpress/plugin/elementor/vulnerability/wordpress-elementor-plugin-3-25-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26912 – WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26912
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.6. The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje... • https://patchstack.com/database/wordpress/plugin/easy-elementor-addons/vulnerability/wordpress-easy-elementor-addons-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •